Verification Of UID(0) Requirement For Started Tasks To Comply With GAO Audit Question And Top Secret

Article ID: 189516


Products

Top Secret
Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Verification of mainframe started tasks that require UID(0).

Started task description

BBI PASS MANAGER

CA7

OMVS/CRON (task scheduler)

Kernel Daemon for FTP

Oracle10g MFRS DBASE SERVICES

Oracle10g MFRT DBASE SERVICES

Oracle10g MVRP DBASE SERVICES

z/OS TCP/IP STC

ORACLE10G SYT STC ACID

TCPIP POLICY AGENT

Mainview

NETMASTER Report Center

BATCH/DASD VOLUME CONFIG-DEFRAG

CA7 PROD CONTROL

SSH TECTIA SERVER

WILYZOS STC – CA CROSS Enterprise APM agent

ZFS ACID (OMVS zFS file system manager)

Environment

Release : 16.0

Component : CA TOP SECRET

Resolution

The requirement for UID(0) is not a Top Secret requirement. It is product specific. For the Broadcom products in the list:

CA7 
CA7 PROD CONTROL 
NETMASTER Report Center

** There isn't anything in the CA WORKLOAD AUTOMATION CA 7® EDITION 12.1 documentation where UID(0) is required. Here are the commands for Top Secret:

CA Workload Automation CA 7 Edition requires an ACID definition to execute under CA Top Secret® security. This definition identifies CA WA CA 7 Edition as a started task, names the procedure from which CA WA CA 7 Edition executes, and associates the CA WA CA 7 Edition facility with the CA WA CA 7 Edition ACID.
This command has the following format:

TSS CREATE(acid) NAME('CA 7 ONLINE ACID') FAC(STC,BATCH) +
TYPE(USER) PASS(NOPW) DEPT(dept) MASTFAC(CA7)
TSS PERMIT(acid) ACID(acid1)

Where acid1 is one of the acids that you want to use for scheduled batch jobs through CA WA CA 7 Edition. Do this for each acid that is used for scheduled batch jobs through CA WA CA 7 Edition.

Though not recommended, if you want to allow the 'acid' acid to submit jobs under any ACID and not define each separately, add the NOSUBCHK attribute to the 'acid'.

The following command adds the CA WA CA 7 Edition ACID to the CA Top Secret Started Task facility and identifies the CA WA CA 7 Edition procedure name.

TSS ADDTO(STC) PROCNAME(ca7proc) ACID(acid)

Define ICOM to CA Top Secret
The CA Workload Automation CA 7 Edition Independent Communications Manager (ICOM) must also be defined to CA Top Secret®. ICOM handles SMF data for jobs that are submitted through CA WA CA 7 Edition, and therefore requires an ACID to execute in a CA Top Secret secured environment. The following command example may be used to define ICOM to CA Top Secret.
This command has the following format:

TSS CREATE(acid2) NAME('CA 7 ICOM') FAC(STC) TYPE(USER) +
PASS(NOPW) DEPT(dept) MASTFAC(CA7)
TSS PERMIT(acid2) ACID(acid1)

The following command adds the ICOM ACID to the CA Top Secret Started Task Facility and identifies the ICOM procedure name.

TSS ADDTO(STC) PROCNAME(ca7icomproc) ACID(acid2)

Where acid1 is one of the acids that you want to use for scheduled batch jobs through CA WA CA 7 Edition. Do this for each acid that is used for scheduled batch jobs through CA WA CA 7 Edition.

Though not recommended, if you want to allow the 'acid2' acid to submit jobs under any ACID and not define each separately, add the NOSUBCHK attribute to the 'acid2'.

** The CA NETMASTER® SHARED CONTENT LIBRARY 12.2 documentation gives the commands (TSS, ACF2, and RACF) to set up the OMVS segments for region STCs:

Set Up OMVS Segment for Region STCs

The TSS command has UID(nnn), which indicates that 0 is not required.

** For the non-Broadcom/CA products, check with the product vendor to see whether their respective product requires UID(0) on the region ACID.
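
The following Python script is an added example, not taken from this article or from the product documentation. It reads a deck of TSS commands in the format shown above and reports the started-task ACIDs that are given UID(0) or NOSUBCHK. The sample deck and every ACID and procedure name in it are constructed for illustration, and the script assumes UID and NOSUBCHK are set with TSS CREATE or TSS ADDTO.

```python
import re

# Constructed sample deck in the command format shown above. All ACID and
# procedure names (CA7STC, CA7ICOM, NMRGN, VENDSTC, ...) are hypothetical.
SAMPLE_DECK = """\
TSS CREATE(CA7STC) NAME('CA 7 ONLINE ACID') FAC(STC,BATCH) +
TYPE(USER) PASS(NOPW) DEPT(OPSDEPT) MASTFAC(CA7)
TSS PERMIT(CA7STC) ACID(BATCH01)
TSS ADDTO(STC) PROCNAME(CA7ONL) ACID(CA7STC)
TSS ADDTO(CA7ICOM) NOSUBCHK
TSS ADDTO(STC) PROCNAME(CA7ICOM) ACID(CA7ICOM)
TSS ADDTO(NMRGN) UID(1207)
TSS ADDTO(STC) PROCNAME(NMRGN) ACID(NMRGN)
TSS ADDTO(VENDSTC) UID(0)
TSS ADDTO(STC) PROCNAME(VENDPROC) ACID(VENDSTC)
"""

# KEYWORD or KEYWORD(value); a quoted value may contain blanks and parentheses.
TOKEN = re.compile(r"([A-Za-z0-9]+)(?:\(('[^']*'|[^)]*)\))?")

def join_continuations(deck):
    """Merge lines ending in '+' (TSS continuation) into single commands."""
    commands, pending = [], ""
    for line in (raw.strip() for raw in deck.splitlines()):
        if line.endswith("+"):
            pending += line[:-1].strip() + " "
        elif line:
            commands.append(pending + line)
            pending = ""
    return commands

def audit(deck):
    """Return sorted (acid, finding) pairs for started-task ACIDs only."""
    stc_acids, findings = set(), []
    for command in join_continuations(deck):
        tokens = [(k.upper(), v.upper()) for k, v in TOKEN.findall(command)]
        if len(tokens) < 2 or tokens[0][0] != "TSS":
            continue
        (func, target), keywords = tokens[1], dict(tokens[2:])
        if func == "ADDTO" and target == "STC" and "ACID" in keywords:
            stc_acids.add(keywords["ACID"])      # ACID tied to a started-task proc
        elif func in ("CREATE", "ADDTO"):
            uid = keywords.get("UID", "")
            if uid.isdigit() and int(uid) == 0:  # UID(0) or UID(0000)
                findings.append((target, "UID(0)"))
            if "NOSUBCHK" in keywords:           # may submit under any ACID
                findings.append((target, "NOSUBCHK"))
    return sorted(f for f in findings if f[0] in stc_acids)

if __name__ == "__main__":
    for acid, finding in audit(SAMPLE_DECK):
        print(f"{acid}: {finding}")
```

Each reported ACID is a candidate for the audit response: confirm with the owning product's documentation or vendor whether the attribute is actually required.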